Security & Encryption Details

Pastebins are useful for sending text over Twitter or instant messaging, but the
most popular ones do not provide any security. Posts on "pastebin.com" are
indexed by search engines. You can
search for private keys.
This pastebin aims to protect your data as much as possible while being as easy
to use as other pastebin services.

The text you submit here will be encrypted and sent over an SSL/TLS connection
so that it should never be seen by anyone unless they know the URL and, if one
was used, the client-side password. For maximum security, use a strong
client-side password and transmit it through a secure channel (such as
OTR-encrypted chat or PGP-encrypted email).

Important Security Note: Someone with access to the web server will not be able to
decrypt the posts already stored in the database, but they can:

Modify the JavaScript encryption code to make it save your password.

View your post as it is being submitted.

View your post as it is being viewed.

This means that you must trust the operator of the server hosting this website.
You must trust that law enforcement has not compelled the operator to provide
the decrypted posts. So far, that has not happened (check often to see if this
text has been removed).

We have a robots.txt entry to stop search engines from
indexing the posts. Search engines can ignore the robots.txt file, so this is
not guaranteed.

If logging were enabled on the server, then the pastebin URLs would be written
to the log file and the system administrator could see the posts. For this
reason, access logging is disabled on the server. If access logging must be
enabled for some reason, there are rules in place to ensure requests with
pastebin URLs or Referers are not logged.

Here's how the encryption works:

PIE BIN Encryption Process:

Command-Line Script

This bash script reads standard input, encrypts it, then uploads it to the
pastebin. It then prints the command to download and decrypt the post.

Warning: The download-and-decrypt command contains the encryption
password. It will be visible to other users via the process list (ps aux), and
will be saved in your shell history. For maximum security, omit the --passphrase
option and paste the password separately.